CVE-2020-21252
https://notcve.org/view.php?id=CVE-2020-21252
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. • https://github.com/Neeke/HongCMS/issues/13 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-21643
https://notcve.org/view.php?id=CVE-2020-21643
Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. • https://github.com/Neeke/HongCMS/issues/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-32412
https://notcve.org/view.php?id=CVE-2022-32412
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. Un problema en el componente /template/edit de HongCMS versión v3.0, permite a atacantes a getshell • https://github.com/Neeke/HongCMS/issues/19 •
CVE-2022-32411
https://notcve.org/view.php?id=CVE-2022-32411
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. Un problema en el archivo de configuración de idiomas de HongCMS versión v3.0, permite a atacantes a getshell • https://github.com/Neeke/HongCMS/issues/18 •
CVE-2022-28523
https://notcve.org/view.php?id=CVE-2022-28523
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. HongCMS versión 3.0.0, permite la eliminación arbitraria de archivos por medio del componente /admin/index.php/template/ajax?action=delete • https://github.com/Neeke/HongCMS/issues/17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •